Corporate Governance


Corporate Governance and Ethical Management

● Governance Structure

In order to establish good corporate governance practices, ensure the sound operation of Sinopac Holdings, and achieve the goal of sustainable development, SinoPac Holdings has established the Corporate Governance Guidelines in accordance with the “Best Practice Principles of Corporate Governance for Financial Holding Company” and theCorporate Governance Best Practice Principles for TWSE/TPEx Listed Companies”, with which Sinopac Holdings and its subsidiaries shall comply.

SinoPac Holdings has established the Remuneration Committee and the Audit Committee. Both Committees are composed of three Independent Directors of SinoPac Holdings. In 2018, SinoPac Holdings established the Ethical Management Committee, which is composed of three Independent Directors of Sinopac Holdings and the Independent Directors of Bank SinoPac and SinoPac Securities. The organization, responsibility, and operations of the three Committees comply respectively with the "Remuneration Committee Charter", "Audit Committee Charter", and the "Ethical Management Committee Charter".


● Ethical Management Committee

SinoPac Holdings conducts business activities based on the principles of fairness, honesty, integrity, and transparency. To implement ethical corporate management and actively prevent unethical conduct, in 2018, Sinopac Holdings established the "Ethical Management Committee" in accordance with the "Ethical Corporate Management Best Practice Principles" and became the fifth financial holding company in Taiwan to establish an Ethical Management Committee. SinoPac Holdings established the "Regulations Governing the Handling of Reporting Cases" in the same year to complete the establishment of internal and external whistle-blowing system.

SinoPac Holdings' "Ethical Management Committee" is characterized by three traits. The first is its high level of independence as the eight members consisted entirely of Independent Directors of SinoPac Holdings, Bank SinoPac, and SinoPac Securities. The level of independence is the highest in the industry. The second is the level of the Committee as it falls under the jurisdiction of the Board of Directors and has equal status as functional committees such as the Audit and Remuneration Committee. The third is the high level of expertise as the "Ethical Management Committee" may appoint an attorney, accountant, or other professionals to conduct necessary audits or provide consultation.

SinoPac Holdings established the "Procedures for Ethical Management and Guidelines for Conduct " to specify the items that employees must pay attention to when practicing business activities. SinoPac Holdings also provides information to related stakeholders and trainings for employees to ensure they fully understand SinoPac Holdings' commitment to ethical corporate management, policies, preventive measures, and the consequences of violations or unethical conduct, continuously addressing the importance of ethical conduct. SinoPac Holdings uses the internal corporate platform to educate all employees and require them to carefully read the "Guidelines for Ethical Corporate Management " and the "Procedures for Ethical Management and Guidelines for Conduct" and sign Letter of Declaration to confirm their understanding of the related regulations for business activities to implement ethical management and prevent unethical conduct. Over 90% of SinoPac Holdings and subsidiaries’ employees have signed the statement. And all new employees of SinoPac Holdings and its subsidiaries are also required to sign the "Statement of Ethical Conduct" in writing. In addition, SinoPac Holdings arranges regular or irregular communications and trainings on topics including reporting mechanism and ethical management for new and incumbent employees to strengthen SinoPac Holdings’ corporate culture and sustainable development.

● Reporting Mechanisms

The Ethical Management Committee of SinoPac Holdings established reporting mechanisms in 2018 and the audit unit of SinoPac Holdings is responsible for processing all reports. SinoPac Holdings maintains the confidentiality of whistleblowers and the contents of their reports and protects whistleblowers from inappropriate disciplinary actions due to their reporting. If whistle-blowers are subject to unfavorable disciplinary actions due to reporting, they may lodge a complaint with the Ethical Management Committee of SinoPac Holdings.

Accepted reports include embezzlement or unauthorized use of company funds, unauthorized occupation or disposal of company assets, or forgery of documents that cause damage to the SinoPac Holdings, leak of confidential information, employees or customers' information, affairs under employees' management or supervision, acceptance of bribes, dealings for personal gains, collusion or fraud, seeking direct or indirect gains for the employee or others, or other incidents that involve criminal activities, fraud, or violation of laws.

● Board Operations

To increase the efficiency of Board of Directors meetings, SinoPac Holdings revised the "Articles of Incorporation" in 2014 and reduced the number of Directors to range from 7 to 11 with no less than three Independent Directors. The role of the Executive Directors was abolished. To strengthen corporate governance at the same time, SinoPac Holdings established the candidate nomination system for the election of the Directors who shall be elected from a list of candidates in accordance with laws during shareholders meeting. The Independent Directors' professional qualifications, shareholding, and concurrent serving restrictions, determination of independence, nomination and selection methods, and other matters of compliance shall be subject to the relevant regulations of the competent securities authorities. Also, the "Articles of Incorporation" of SinoPac Holdings specifies that Directors shall serve a term of three years and may be eligible for re-election. At the expiration of the term of office of a Director and under the circumstance that the election cannot be held in time, the Director’s term is automatically extended until the newly elected Director takes office.

SinoPac Holdings' Board of Directors convenes meetings once every month in principle and 12 meetings were convened in 2018. The Directors' average attendance in person rate was 98%. Directors that have conflict of interests in resolutions have been recused from voting in accordance with laws.

SinoPac Holdings has purchased liability insurance for Directors and Supervisors since 2003 and regularly reviews the insurance policies every year. To strengthen corporate governance system, SinoPac Holdings provides Directors with information on related courses on corporate governance and assists in making arrangements for attendance in the courses. In 2018, the education and training of all Directors complied with the "Directions for the Implementation of Continuing Education for Directors and Supervisors of TWSE Listed and TPEx”.

To improve information transparency in the operations of the Board of Directors, the Market Observation Post System, corporate website, and annual reports are applied to disclose the Directors' continuing education and attendance in meetings of the Board of Directors. Material resolutions are disclosed in the Annual Report (extracts of the meeting minutes of the Board of Directors are disclosed on the company website) as well as recusals of Directors from agenda items due to conflicts of interests.

● Remuneration for Senior Executives

The remuneration for the President and Vice Presidents of SinoPac Holdings is based on their individual professional qualifications and prevailing rates in the industry. The remuneration is discussed in the Remuneration Committee and proposed to the Board of Directors for approval. In addition to the monthly fixed base salary and allowances, overall operation results, personal performance, and future risks are also taken into consideration for the distribution of additional bonuses in accordance with related regulations of SinoPac Holdings. All performance bonuses are distributed in cash. The practice connects the remuneration for managerial officers to the business performance of SinoPac Holdings and strengthens investors' interests.

Risk Management and Audit

● Risk Management Structure

SinoPac Holdings has established a clear risk management structure consisting of four specialized layers. From top to bottom, it consists of: the Board of Directors, the Risk Management Committee, the Risk Management Division, and the Audit Division. This clearly distinguishes the authorities and responsibilities, hierarchical authorization, and fully defines the risk management rules and limits for each risk to be best balance between profits and risk management.

● Auditing Mechanisms

SinoPac Holdings has established a chief audit system and established an internal audit unit under the Board of Directors in accordance with the "Implementation Rules of the Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries". The unit maintains its independence in the performance of auditing affairs and provides suggestions for improvements at appropriate time to ensure the continuous and effective implementation of the internal control system and to provide a basis for review and modification of the internal control system. The audit unit conducts at least one regular business audit on SinoPac Holdings each year and conducts one special business audit in the aspects of finance, risk management, and compliance at SinoPac Holdings and its subsidiaries at least once every six months. It also reports the implementation of audits to the Board of Directors and Audit Committee at least once every six months.

SinoPac Holdings uses audit plans and procedures to learn about the actual implementation status of risk management procedures taken by each unit. The items of concern are listed after the risk assessments and Sinopac Holdings follows up on the improvement measures taken by the management for discrepancies found in the audits.

● Risk Culture Development

To ensure that SinoPac Holdings and employees implement the risk management policies and improve the quality of risk management, Sinopac Holdings Risk Management Division evaluates the risk management implementation status of subsidiaries every year in the aspects of "risk management mechanisms", "risk management awareness education and training", and "risk incident reporting". The results of the assessments are used to determine the annual performance of subsidiaries. The performance for the staffs of the risk management divisions at SinoPac Holdings and its subsidiaries is assessed based on their overall annual work performance, progress of various goals, and attendance. In addition, to implement overall risk management of SinoPac Holdings and its subsidiaries, the appointment, dismissal, promotion, rewards, penalties, and performance evaluation of the supervisors of the Risk Management Divisions as well as personnel who serve concurrently in the Risk Management Divisions of subsidiaries shall require the approval of the head of the Risk Management Division and the approval of the corresponding authority in the subsidiaries based on the hierarchical delegation of responsibilities.

● Identification Process and Results for Emerging Risks

New risks have emerged as a result of climate change, new technologies, and demographic changes, etc. Effective identification and assessment of emerging risks and the development of response measures have become important issues for financial institutions. Each year, SinoPac Holdings refers to emerging- risk-related reports issued by external organizations, provides its subsidiaries with annual emerging risk assessments and establishes response measures, collect data on the emerging risks facing subsidiaries, identifies emerging risks at the financial holdings level, and develops risk response measures for management.

● Management Policies and Response Strategies for Climate Change Risks

SinoPac Holdings understands the risks and opportunities climate change poses to business operations, and continues to pay attention to the "Task Force on Climate-Related Financial Disclosures" (TCFD) issues. By regularly holding SinoPac ESG Seminars, SinoPac Holdings stays abreast of climate-change issues facing the finance industry and raise risk awareness from the highest corporate levels to regular employees to clients, thereby promoting industry exchanges on climate-change issues and taking advantage of international climate change development trends.

● Taxation Risk Management

SinoPac Holdings upholds the ethical management principles and works hard to achieve corporate sustainable development. It abides by taxation laws and pays various taxes in accordance with the deadlines.

Legal Compliance

● New Legal Compliance Culture

SinoPac Holdings appointed Ms. Shu-Min Lin, a professional with extensive experience in corporate governance and legal compliance, to serve as the Chief Compliance Officer and the head of the Legal & Compliance Division in 2018. In addition to overseeing legal compliance operations, the Chief Compliance Officer reports the status of legal compliance operations to the Board of Directors at least once every six months and promotes the independent operations of legal compliance departments in the parent and subsidiary companies. Legal compliance units are transformed from a passive guardian in internal controls to an active corporate partner and build a new legal compliance culture for SinoPac Holdings. SinoPac Holdings established a Corporate Governance task force under its Sustainable Development Committee, and the unit responsible for implementation is the Legal & Compliance Division which enhances the implementation of the Corporate Governance improvement action plan.

In response to the "Corporate Governance Inspection and Improvement Project" since 2017, the Legal & Compliance Division implemented detailed action plans to enhance the independent operations of compliance functions while separating the roles and responsibilities of compliance personnel to sole duties in Holdings from subsidiaries and improving the depth and intensity of the training. SinoPac Holdings supervises the subsidiaries Bank SinoPac, SinoPac Securities, and SinoPac Leasing in the "Legal Compliance Improvement Plan". The results of implementation are regularly reported, and the legal compliance improvement plans are introduced into internal management mechanisms for expansion into other subsidiaries. SinoPac Holdings also uses systems and operating procedures to strengthen control measures in related party management. To improve the transparency of information disclosed in the "Corporate Governance" section on SinoPac Holdings' corporate website, management mechanisms were established to ensure the timeliness and accuracy of information updates, and the section has been fully revised.

● Material Violations and Improvement Measures

The management levels and employees of SinoPac Holdings and subsidiaries are fully aware that they are the foundation for corporate sustainable governance. However, suitable improvements must be made based on the conditions and processing methods for incidents and adopted as lessons for optimizing corporate governance decision making in the future.

● Anti-Money Laundering and Financial Crime Prevention

The Group focuses on establishing a comprehensive and effective anti-money laundering and counter terrorism financing system. To comply with regulations of the competent authorities, SinoPac Holdings has established the "Anti-Money Laundering and Counter Terrorism Financing Policy" for compliance by SinoPac Holdings and all subsidiaries. The subsidiaries also established their own internal regulations and operating procedures for anti-money laundering and counter terrorism financing operations based on laws for their respective industries, related industrial laws and regulations, the self-disciplinary regulations and conventions of industry associations, and references provided in the "Anti-Money Laundering and Counter Terrorism Financing Policy". Related contents shall include at least the verification of customer identity, customers' acceptance principles, customer and transaction monitoring and control, risk management and control, and record retention principles.

Information Security

● Information Security Governance Structure and Management System

New technologies have increased online criminal activities and the financial industry must carefully respond to information security issues. Sinopac Holdings established the "Information Security Policy" to strengthen information security management and ensure the confidentiality, integrity, and availability of the information processed by SinoPac Holdings and its subsidiaries. SinoPac Holdings established the "Information Security Committee" in September 2018 and recruited the Taiwanese information security expert Eric Lee, a former police officer who became an expert in the financial industry, to serve as the convener of the Information Security Committee and make use of his expertise in processing online criminal activities and information security as well as his knowledge of the research and development of new technologies to plan SinoPac Holdings’ overall information security infrastructure and monitoring functions. The subsidiaries Bank SinoPac and SinoPac Securities also established dedicated information security units and continued to update their ISO 27001 Information Security Management System certifications. In addition, the members of the Board of Directors such as the Directors Chi-Hsing Yeh and Yi-Da Ho have information technology/information security backgrounds and they can supervise and provide suggestions to the Information Security Committee of SinoPac Holdings.

The "Information Security Committee" falls under the supervision of the President. It is responsible for the implementation and governance of information security affairs and supervision and management of information security risks. The members consist of the heads of the Legal & Compliance Division, Risk Management Division, Digital & Technology Division, and related supervisors responsible for information security in subsidiaries. The Chief Auditor also attends meetings of the Committee. The Committee's mission is to review the information security policies and measures, review the information security management system, improve information security awareness and training programs, and evaluate and determine information security infrastructure. The duties of the Committee and other related departments are described below:

To ensure the implementation of the information security management system, SinoPac Holdings proposed various information security plans and operating procedures including the security management of the information system, online security management, application system access management, application system development, maintenance and management, computer asset management, system environmental security management, and information system disaster recovery management, etc.

  • Information Security Evaluation Mechanisms and Results

The subsidiary Bank SinoPac proposed a computer system information security assessment plan approved by the Board of Directors in accordance with the “Regulations Governing System Information Security Evaluation by Financial Institutions ". It also appointed a qualified external information service company to execute the assessment. The completed assessment report was delivered to the Audit Division to follow up on discrepancies and reviews and the reviews were reported to the Board of Directors to supervise the improvements made for discrepancies.

  • Response and Management of Information Security Incidents

In the event of an information security incident, all units shall immediately process the incident in accordance with the "Emergency Response Rules" and notify the convener of the Information Security Committee to assign dedicated personnel to respond to the incident. The designated personnel shall assess the scope of the impact, formulate response plans, and notify the convener for necessary decisions and task assignments. Bank Sinopac established the "Information Security Rules" and the "Information Management Operations Manual". The "Information Security Rules" are provided with attachments that include various operating procedures to provide employees with clear procedures to follow and prevent related information security/network security risks. The "Information Security Rules" include comprehensive response and management measures for information security incidents including information security incident management procedures such as the reports, response measures, follow-up, and improvements for information security incidents. The guidelines for reporting information security incidents include definitions of incident risks level and management of reporting procedures. SinoPac Securities established the "Information Security Incident Management Procedures", "Distributed Denial-of-Service Defense and Response Operation Guidelines", "Emergency Incident Response Guidelines", "Operation Risk Management Regulations" for employees to determine the classification of incidents and related processing procedures.

● Customer Information Privacy

To ensure the security and privacy of customers' personal information, SinoPac Holdings established related management policies and Bank SinoPac, SinoPac Life Insurance Agency, SinoPac Securities, SinoPac Securities (Europe), and SinoPac Securities Investment Trust appointed Data Protection Officers (DPOs). They also established "Customer Information Confidentiality Measures" sections on their websites to disclose the methods for the collection, storage, safekeeping, and protection of customer information and provide customers with rights to exercise and withdraw from information exchange and usage. The Legal & Compliance Division adjusts the confidentiality measures in accordance with technological developments and changes in the society, environment, and laws. It also announces the changes. To ensure the implementation of personal information protection tasks, the subsidiaries invested large amounts of resources in the establishment of Personal Information Protection Management Teams which are responsible for the implementation, review, and management and plans of various tasks related to personal information. They also conduct reports and discussions in meetings at appropriate time.